CVE Catalog

CVE-2026-47294

HighCVSS 8.0
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.64%

46th percentile - higher than 46% of all known CVEs

Summary

Microsoft Office SharePoint has improper neutralization of special elements used in os commands, leading to os command injection vulnerability. An authorized attacker can exploit this flaw to execute code over a network.

Risk Assessment

This vulnerability may allow attackers to execute code remotely, posing a serious threat to the security of the system and organizational data.

Recommendation

It is recommended to update Microsoft Office SharePoint to the latest version to mitigate this vulnerability and implement additional security measures such as monitoring and access control.

Original NVD description (English source)

Improper neutralization of special elements used in an os command ('os command injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS